CVE - CVE-2016-9460

CVE-ID
CVE-2016-9460	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:97282 URL:http://www.securityfocus.com/bid/97282 MISC:https://github.com/nextcloud/server/commit/2da43e3751576bbc838f238a09955c4dcdebee8e MISC:https://github.com/nextcloud/server/commit/8aa0832bd449c44ec300da4189bd8ed4e036140c MISC:https://github.com/nextcloud/server/commit/dea8e29289a1b99d5e889627c2e377887f4f2983 MISC:https://github.com/owncloud/core/commit/c92c234059f8b1dc7d53122985ec0d398895a2cf MISC:https://hackerone.com/reports/145463 MISC:https://nextcloud.com/security/advisory/?id=nc-sa-2016-003 MISC:https://owncloud.org/security/advisory/?id=oc-sa-2016-013
Assigning CNA
HackerOne
Date Record Created
20161119	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20161119)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)